Zendesk user's suspension status is changed

zendesk

Classification:

attack

Set up the zendesk integration.

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Goal

Detect when a Zendesk user’s suspension status is changed.

Strategy

Monitor Zendesk audit logs to look for events with an @source_type value of user_setting" and message:"Suspended" or message:"unsuspended". Users can be suspended, which means that they can no longer sign in and any new support requests you receive from them are sent to the suspended tickets queue.

Triage and response

  1. Determine if the user {{@usr.name}} intended to change the user’s suspension status.
PREVIEWING: esther/docs-9518-update-example-control-sensitive-log-data